make install fails as it tries to write in /tmp

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

make install fails as it tries to write in /tmp

Thibaut Appel

Dear OpenSSL users,

I uncovered a potential issue affecting the installation of OpenSSL from source, in the case the user is not allowed to write in the /tmp folder.

I'm trying to install on a cluster where permissions to '/tmp' is restricted.

Is there an environment variable designed to tell 'make install' to NOT use /tmp?

My $TMP environment variable points to a different folder. The result of:

./config --prefix=/rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h
make && make install

install libcrypto.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.a
install libssl.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libssl.a
link /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so.1.1
install libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
install libcrypto.so.1.1 -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
mkdir: cannot create directory '/tmp/ar.12361': Permission denied
make: *** [install_dev] Error 1

Is there something I'm missing? How can this be circumvented?

Thanks,

Thibaut


Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Thibaut Appel

Dear Harald,

Thank you for your answer.

In fact my environment variable TMPDIR was already set to an appropriate folder, in my bash environment.

Did you mean it is meant to be set somewhere else at build or install time?

Output of perl --version gives me: This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi

I did try to change the hard-coded '/tmp' occurences in unix-Makefile.tmpl to the said folder, and it gave me something like:

ar: /my/dir/lib/libcrypto.so: file format not recognized

Is there anything else I can try?


Thibaut


On 28/10/2020 13:00, Harald Koch wrote:

This email from [hidden email] originates from outside Imperial. Do not click on links and attachments unless you recognise the sender. If you trust the sender, add them to your safe senders list to disable email stamping for this address.

 

Hello Thibaut,

I assume due to the name prefix „ar“ that an archive wants to be created via program „ar“. According to its man page, you can set the environment variable TMPDIR to your required value. Try this.

(from „man ar“):

ENVIRONMENT
     TMPDIR  The pathname of the directory to use when creating temporary files.

Regards,
Harald

Am 28.10.2020 um 09:48 schrieb Thibaut Appel <[hidden email]>:

Dear OpenSSL users,

I uncovered a potential issue affecting the installation of OpenSSL from source, in the case the user is not allowed to write in the /tmp folder.

I'm trying to install on a cluster where permissions to '/tmp' is restricted.

Is there an environment variable designed to tell 'make install' to NOT use /tmp?

My $TMP environment variable points to a different folder. The result of:

./config --prefix=/rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h
make && make install

install libcrypto.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.a
install libssl.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libssl.a
link /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so.1.1
install libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
install libcrypto.so.1.1 -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
mkdir: cannot create directory '/tmp/ar.12361': Permission denied
make: *** [install_dev] Error 1

Is there something I'm missing? How can this be circumvented?

Thanks,

Thibaut



Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Harald Koch
Hi Thibaut,

there must be something else in your environment: I chmod’ed my /tmp to 770, added a new user, checked that we cannot access /tmp, and successfully compiled openssl-1.1.1h on a test machine. The reason could lie somewhere else than /tmp.


Am 28.10.2020 um 13:13 schrieb Thibaut Appel <[hidden email]>:

Dear Harald,

Thank you for your answer.

In fact my environment variable TMPDIR was already set to an appropriate folder, in my bash environment.

Did you mean it is meant to be set somewhere else at build or install time?

Output of perl --version gives me: This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi

I did try to change the hard-coded '/tmp' occurences in unix-Makefile.tmpl to the said folder, and it gave me something like:

ar: /my/dir/lib/libcrypto.so: file format not recognized

Is there anything else I can try?


Thibaut


On 28/10/2020 13:00, Harald Koch wrote:
This email from [hidden email] originates from outside Imperial. Do not click on links and attachments unless you recognise the sender. If you trust the sender, add them to your safe senders list to disable email stamping for this address.
 
Hello Thibaut,

I assume due to the name prefix „ar“ that an archive wants to be created via program „ar“. According to its man page, you can set the environment variable TMPDIR to your required value. Try this.

(from „man ar“):

ENVIRONMENT
     TMPDIR  The pathname of the directory to use when creating temporary files.

Regards,
Harald

Am 28.10.2020 um 09:48 schrieb Thibaut Appel <[hidden email]>:

Dear OpenSSL users,

I uncovered a potential issue affecting the installation of OpenSSL from source, in the case the user is not allowed to write in the /tmp folder.

I'm trying to install on a cluster where permissions to '/tmp' is restricted.

Is there an environment variable designed to tell 'make install' to NOT use /tmp?

My $TMP environment variable points to a different folder. The result of:

./config --prefix=/rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h
make && make install

install libcrypto.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.a
install libssl.a -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libssl.a
link /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so.1.1
install libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
install libcrypto.so.1.1 -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
mkdir: cannot create directory '/tmp/ar.12361': Permission denied
make: *** [install_dev] Error 1

Is there something I'm missing? How can this be circumvented?

Thanks,

Thibaut




Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Viktor Dukhovni
In reply to this post by Thibaut Appel
On Wed, Oct 28, 2020 at 09:48:37AM +0100, Thibaut Appel wrote:

> I uncovered a potential issue affecting the installation of OpenSSL from
> source, in the case the user is not allowed to write in the /tmp folder.

This build environment was not anticipated by the build system, which
employs:

    $ git grep -A10 /tmp/ar
    unix-Makefile.tmpl:              if [ -f "$$a" ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \
    unix-Makefile.tmpl:                      mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \
    unix-Makefile.tmpl-                      cp -f "$$a" "$$a.new"; \
    unix-Makefile.tmpl-                      for so in `$(AR) t "$$a"`; do \
    unix-Makefile.tmpl-                              $(AR) x "$$a" "$$so"; \
    unix-Makefile.tmpl-                              chmod u+w "$$so"; \
    unix-Makefile.tmpl-                              strip -X32_64 -e "$$so"; \
    unix-Makefile.tmpl-                              $(AR) r "$$a.new" "$$so"; \
    unix-Makefile.tmpl-                      done; \
    unix-Makefile.tmpl-              )); fi; \
    unix-Makefile.tmpl-              $(AR) r "$$a.new" "$$s1"; \
    unix-Makefile.tmpl-              mv -f "$$a.new" "$$a"; \

The hard-coded /tmp there is not essential, it could be replaced with
mkdir -p .tmp/ar.$$$$, or some other appropriate path.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Thibaut Appel

Dear Viktor,

I did try to change that hard-coded /tmp.

make install now fails because of

link /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so.1.1
install libcrypto.so -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
install libcrypto.so.1.1 -> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
ar: /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so: file format not recognized
ar: /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so.new: file format not recognized
make: *** [install_dev] Error 1

and I have

$ perl configdata.pm -c

Command line (with current working directory = .):

    /usr/bin/perl ./Configure linux-x86_64 --prefix=/rds/general/user/ta3616/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h

Perl information:

    /usr/bin/perl
    5.16.3 for x86_64-linux-thread-multi

It seems https://github.com/openssl/openssl/issues/6641 was about the same issue. I found out that my Text::Template is 1.45. Maybe that's the problem

Thibaut

On 28/10/2020 16:08, Viktor Dukhovni wrote:
*******************
This email originates from outside Imperial. Do not click on links and attachments unless you recognise the sender. 
If you trust the sender, add them to your safe senders list https://spam.ic.ac.uk/SpamConsole/Senders.aspx to disable email stamping for this address.
*******************
On Wed, Oct 28, 2020 at 09:48:37AM +0100, Thibaut Appel wrote:

I uncovered a potential issue affecting the installation of OpenSSL from 
source, in the case the user is not allowed to write in the /tmp folder.
This build environment was not anticipated by the build system, which
employs:

    $ git grep -A10 /tmp/ar
    unix-Makefile.tmpl:              if [ -f "$$a" ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \
    unix-Makefile.tmpl:                      mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \
    unix-Makefile.tmpl-                      cp -f "$$a" "$$a.new"; \
    unix-Makefile.tmpl-                      for so in `$(AR) t "$$a"`; do \
    unix-Makefile.tmpl-                              $(AR) x "$$a" "$$so"; \
    unix-Makefile.tmpl-                              chmod u+w "$$so"; \
    unix-Makefile.tmpl-                              strip -X32_64 -e "$$so"; \
    unix-Makefile.tmpl-                              $(AR) r "$$a.new" "$$so"; \
    unix-Makefile.tmpl-                      done; \
    unix-Makefile.tmpl-              )); fi; \
    unix-Makefile.tmpl-              $(AR) r "$$a.new" "$$s1"; \
    unix-Makefile.tmpl-              mv -f "$$a.new" "$$a"; \

The hard-coded /tmp there is not essential, it could be replaced with
mkdir -p .tmp/ar.$$$$, or some other appropriate path.

Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

JordanBrown
In reply to this post by Thibaut Appel
I don't know exactly what environments the OpenSSL build targets, but a writable /tmp is a POSIX requirement.

https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap10.html
-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Viktor Dukhovni
In reply to this post by Thibaut Appel
On Wed, Oct 28, 2020 at 04:33:12PM +0100, Thibaut Appel wrote:

> install libcrypto.so.1.1 ->
> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
> ar:
> /rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so:
> file format not recognized

Wild guess, you may have more than one "ar" on your system, and one of
them does not like files produced by the other?  I haven't had trouble
building OpenSSL 1.1.1 from the upstream sources.

Don't know whether "linuxbrew" introduces any additional concerns, I've
never used that.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: make install fails as it tries to write in /tmp

Thibaut Appel
Updating 'Text::Template' from perl solved the problem, detailed in https://github.com/openssl/openssl/issues/6641
On 28/10/2020 16:40, Viktor Dukhovni wrote:
*******************
This email originates from outside Imperial. Do not click on links and attachments unless you recognise the sender. 
If you trust the sender, add them to your safe senders list https://spam.ic.ac.uk/SpamConsole/Senders.aspx to disable email stamping for this address.
*******************
On Wed, Oct 28, 2020 at 04:33:12PM +0100, Thibaut Appel wrote:

install libcrypto.so.1.1 -> 
/rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so
ar: 
/rds/general/user/home/.linuxbrew/Cellar/openssl@1.1/1.1.1h/lib/libcrypto.so: 
file format not recognized
Wild guess, you may have more than one "ar" on your system, and one of
them does not like files produced by the other?  I haven't had trouble
building OpenSSL 1.1.1 from the upstream sources.

Don't know whether "linuxbrew" introduces any additional concerns, I've
never used that.